Mnemonics are representation of entropy along with a checksum. First step involves making a decision as to how much entropy you consider safe for your operations. Assume, for now that you have decided on 128 bits of entropy. Below are the steps that you will follow to convert this entropy to mnemonic.
  • Use some cryptographically secure entropy generator to generate 128 bits of entropy.
  • Calculate the SHA256 of the entropy.
  • Append the first entropy_length/32 bits of the SHA256 of the entropy at the end of the entropy. For example, in our case we will append the first 4 bits of the SHA256(entropy) to the entropy since our entropy is 128 bits.
  • Each word of the mnemonic represents 11 bits. Hence, if you check the wordlist you will find 2048 unique words. Now, divide the entropy + checksum into parts of 11 bits each.
  • Match this 11 bit fragments to the words in the lookup table in the wordlist. Since we used 128 bits of entropy our checksum was 4 bits. So our entropy along with checksum represented a total of 132 bits. Thus our mnemonic will be 12 words. If you had used 256 bits of entropy, your checksum would have been (256/32 =) 8 bits. That would represent (264/11) = 24 words.
One thing to note is that any 12/24 words cannot be used as a mnemonic. Some 'portion' of the last word generally contains the checksum of the words chosen and hence has to be calculated. It is also discouraged to generate words directly from thought and use a secure cryptographic function to do so.